1. Field
The disclosure relates generally to an improved data processing system and more specifically to data encryption. Even more specifically, the disclosure relates to a method, apparatus, and computer program product for managing encryption of data.
2. Description of the Related Art
Data is often encrypted before being stored in a data processing system. This process limits access to the data to authorized users. Encryption is a process of modifying data into encrypted data using an algorithm. The algorithm uses the contents of a key in modifying the data such that the encrypted data may only be decrypted to the data by using the key. In some illustrative examples, the decryption of the encrypted data uses a different key than the encryption of the data.
The encrypted data may be stored in a volume in the data processing system. A volume is an element in a data processing system that stores data in the data processing system. A data processing system may store data for multiple users. When the data is encrypted and stored in the data processing system, the data may be encrypted using a different key for each user. Of course, multiple users may use the same key for encryption and/or decryption in other illustrative embodiments. For example, a group of users may use a first key, and a single user may use a second key.
Unauthorized users may desire to access encrypted data for which the unauthorized users do not have the key. The unauthorized users may attempt to identify the key for the encrypted data by analyzing the encrypted data. For example, the unauthorized users may attempt to identify the difference between the encrypted data before and after the encrypted data is modified by an authorized user. The unauthorized user may use the differences between the encrypted data before and after being modified to identify the key used to encrypt and/or decrypt the encrypted data.